Updated versions of dependencies (#197)

ckunki · web-flow · commit cb659d3e838f · 2024-02-19T13:03:48.000+01:00
* Fixed vulnerabilities by updating dependencies
Switched to python 3.10
* [run-notebook-tests] [CodeBuild]
To enable using latest version of ansible-core.
Needed to add dependency to importlib-metadata as no longer provisioned with python 3.10.
* upgraded AWS codebuild image to aws/codebuild/standard:6.0
in templates/release_code_build.jinja.yaml
and templates/ci_code_build.jinja.yaml
* Fixed review findings
diff --git a/.github/actions/prepare_poetry_env/action.yml b/.github/actions/prepare_poetry_env/action.yml
@@ -4,7 +4,7 @@ inputs:
   python-version:
     description: 'The Python version to use'
     required: true
-    default: '3.8'
+    default: '3.10'
 runs:
   using: "composite"
   steps:
diff --git a/.github/workflows/check_version.yaml b/.github/workflows/check_version.yaml
@@ -15,4 +15,4 @@ jobs:
       - name: Setup Python & Poetry Environment
         uses: ./.github/actions/prepare_poetry_env
       - name: Check Release
-        run: ./scripts/build/check_release.sh "python3.8"
+        run: ./scripts/build/check_release.sh "python3.10"
diff --git a/.github/workflows/release_droid_upload_github_release_assets.yml b/.github/workflows/release_droid_upload_github_release_assets.yml
@@ -17,7 +17,7 @@ jobs:
       - name: Setup Python & Poetry Environment
         uses: ./.github/actions/prepare_poetry_env
       - name: Build Release
-        run: ./scripts/build/check_release.sh "python3.8"
+        run: ./scripts/build/check_release.sh "python3.10"
 
   upload:
     needs: check-release
diff --git a/aws-code-build/ci/buildspec.yaml b/aws-code-build/ci/buildspec.yaml
@@ -10,12 +10,12 @@ phases:
 
   install:
     runtime-versions:
-      python: 3.8
+      python: 3.10
     commands:
       - git submodule update --init --recursive
       - curl -sSL https://install.python-poetry.org | python3 -
       - export PATH=$PATH:$HOME/.local/bin
-      - poetry env use $(command -v "python3.8")
+      - poetry env use $(command -v "python3.10")
       - poetry install
 
   pre_build:
diff --git a/aws-code-build/ci/buildspec_release.yaml b/aws-code-build/ci/buildspec_release.yaml
@@ -15,12 +15,12 @@ phases:
 
   install:
     runtime-versions:
-      python: 3.8
+      python: 3.10
     commands:
       - git submodule update --init --recursive
       - curl -sSL https://install.python-poetry.org | python3 -
       - export PATH=$PATH:$HOME/.local/bin
-      - poetry env use $(command -v "python3.8")
+      - poetry env use $(command -v "python3.10")
       - poetry install
 
   pre_build:
diff --git a/dependencies.md b/dependencies.md
@@ -1,6 +1,6 @@
 # Dependencies
 
-- Python 3.8
+- Python 3.10
 - Poetry
 - AWS
 
diff --git a/doc/changes/changes_0.2.1.md b/doc/changes/changes_0.2.1.md
@@ -1,15 +1,48 @@
-# ai-lab 0.2.1, released 2024-??-??
+# AI-Lab 0.2.1, released 2024-??-??
 
-Code name: Fix cloud storage notebook
+Code name: Fix Cloud Storage Notebook
 
 ## Summary
 
+This release fixes the Cloud Storage notebook and also fixes vulnerabilities by updating dependencies in file `poetry.lock` and GitHub workflows.
+
+Impact and delimitation
+* Updating the dependencies required to upgrade the build environment from Python `3.8` to `3.10`.
+* Also AWS codebuild image need to be upgraded from `aws/codebuild/standard:5.0` to `6.0`.
+* The Jupyterlab notebooks and their libraries remain on Python `3.8` for now.
+
 ## AI-Lab-Release
 
 Version: 0.2.1
 
 ## Features
 
+n/a
+
+## Security
+
+* #187: Fixed vulnerabilities by updating dependencies
+  * `ansible` from 6.7.0 to 7.7.0 to fix CVE-2023-5115, CVE-2022-3697.
+  * `ansible-core` from 2.13.13 to 2.14.14 to fix CVE-2024-0690, CVE-2023-5764.
+  * `urllib3` from 1.26.16 to 1.26.18 to fix CVE-2023-45803, CVE-2023-43804.
+  * `tornado` from 6.3.2 to 6.4 to fix vulnerability to HTTP request smuggling via improper parsing of `Content-Length` fields and chunk lengths.
+  * `paramiko` from 3.2.0 to 3.4.0 to fix CVE-2023-48795.
+  * `jupyterlab` from 4.0.6 to 4.1.1 to fix CVE-2024-22420, CVE-2024-22421.
+  * `jinja2` from 3.1.2 to 3.1.3 to fix CVE-2024-22195.
+  * `gitpython` from 3.1.31 to 3.1.41 to fix CVE-2024-22190, CVE-2023-41040, CVE-2023-40590, CVE-2023-40267.
+  * `cryptography` from 41.0.1 to 42.0.2 to fix CVE-2023-50782, CVE-2023-49083, CVE-2023-38325.
+  * `certifi` from 2023.5.7 to 2024.2.2 to fix CVE-2023-37920.
+  * `requests` from 2.25.1 to 2.31.0 to fix CVE-2023-32681.
+  * `localstack` from 0.14.0 to 3.1.0 to fix CVE-2023-48054.
+
 ## Bug Fixes
 
-* #205: Error on cloud storage notebook init 
+* #205: Error on cloud storage notebook init
+
+## Documentation
+
+n/a
+
+## Refactoring
+
+n/a
diff --git a/doc/developer_guide/developer_guide.md b/doc/developer_guide/developer_guide.md
@@ -10,7 +10,7 @@ the virtual image formats.
 
 This package requires:
 
-* Python (>=3.8)
+* Python (>=3.19)
 * Poetry (>=1.2.0)
 * Docker (for integration tests)
 * AWS CLI
diff --git a/exasol/ds/sandbox/runtime/ansible/roles/jupyter/files/notebook/transformers/te_introduction.ipynb b/exasol/ds/sandbox/runtime/ansible/roles/jupyter/files/notebook/transformers/te_introduction.ipynb
@@ -7,7 +7,7 @@
    "source": [
     "# Introduction\n",
     "\n",
-    "This set of notebooks demonstrates the functionality of the Exasol Transformer Extension. The extension allows the use of a pre-trained NLP model that can be found at the Haggingface Model Hub. It consists of a number of UDF and Lua scripts. The scripts can be uploaded into the database using a Python library.\n",
+    "This set of notebooks demonstrates the functionality of the Exasol Transformer Extension. The extension allows the use of a pre-trained NLP model that can be found at the Huggingface Model Hub. It consists of a number of UDF and Lua scripts. The scripts can be uploaded into the database using a Python library.\n",
     "\n",
     "For more information, please refer to the Transformer Extension <a href=\"https://github.com/exasol/transformers-extension/blob/main/doc/user_guide/user_guide.md\" target=\"_blank\" rel=\"noopener\">User Guide</a>.\n",
     "\n",
diff --git a/exasol/ds/sandbox/runtime/ansible/roles/jupyter/files/requirements_jupyter.txt b/exasol/ds/sandbox/runtime/ansible/roles/jupyter/files/requirements_jupyter.txt
@@ -1,4 +1,4 @@
-jupyterlab==4.0.6
+jupyterlab==4.1.1
 # enable interactive Javascript widgets in the notebooks
 ipywidgets==8.1.1
 pexpect==4.8.0
diff --git a/exasol/ds/sandbox/templates/ci_code_build.jinja.yaml b/exasol/ds/sandbox/templates/ci_code_build.jinja.yaml
@@ -92,7 +92,7 @@ Resources:
       Environment:
         Type: LINUX_CONTAINER
         ComputeType: BUILD_GENERAL1_SMALL
-        Image: aws/codebuild/standard:5.0
+        Image: aws/codebuild/standard:6.0
       Source:
         Type: GITHUB
         Location: "https://github.com/exasol/ai-lab"
diff --git a/exasol/ds/sandbox/templates/release_code_build.jinja.yaml b/exasol/ds/sandbox/templates/release_code_build.jinja.yaml
@@ -86,7 +86,7 @@ Resources:
       Environment:
         Type: LINUX_CONTAINER
         ComputeType: BUILD_GENERAL1_SMALL
-        Image: aws/codebuild/standard:5.0
+        Image: aws/codebuild/standard:6.0
       Source:
         Type: GITHUB
         Location: "https://github.com/exasol/ai-lab"
diff --git a/poetry.lock b/poetry.lock
diff --git a/pyproject.toml b/pyproject.toml
diff --git a/test/aws_local_stack_access.py b/test/aws_local_stack_access.py
diff --git a/test/conftest.py b/test/conftest.py
diff --git a/test/integration/localstack_test.py b/test/integration/localstack_test.py
diff --git a/test/integration/test_serialization.py b/test/integration/test_serialization.py

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-jupyterlab==4.0.6`
	`1`	`+jupyterlab==4.1.1`
`2`	`2`	`# enable interactive Javascript widgets in the notebooks`
`3`	`3`	`ipywidgets==8.1.1`
`4`	`4`	`pexpect==4.8.0`